HHS - Incident Responder

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• Minimum 4–7 years of experience in incident response, SOC operations, or cybersecurity operations.
• Hands-on experience responding to enterprise cybersecurity incidents.
• Strong understanding of NIST SP 800-61, NIST SP 800-53, and federal incident response requirements.
• Experience analyzing logs, alerts, malware, and security events.
• Ability to work effectively under pressure during active incidents.
• Strong written and verbal communication skills.

Nice To Haves

• Active GCIH, CISSP, CEH, or Security+ (preferred).

Responsibilities

• Monitor, triage, and respond to cybersecurity alerts and incidents in accordance with HRSA Incident Response Plans and SOC SOPs.
• Perform incident analysis to determine scope, impact, root cause, and affected systems.
• Execute containment, eradication, and recovery actions for cybersecurity incidents.
• Respond to malware infections, phishing campaigns, ransomware, insider threats, and data breaches.
• Collect, preserve, and analyze evidence in accordance with chain-of-custody requirements.
• Support forensic analysis and coordinate with digital forensics and threat hunting teams.
• Document incident activities, timelines, findings, and remediation actions within defined SLAs.
• Prepare incident reports, notifications, and after-action reports for HRSA and HHS stakeholders.
• Coordinate incident response activities with SOC Analysts, ISSOs, system owners, Privacy Officials, and leadership.
• Support reporting requirements to HHS CSIRC, CISA, and other federal entities as required.
• Participate in incident response drills, tabletop exercises, and cyber exercises.
• Support continuous improvement of incident response playbooks, SOPs, and workflows.
• Assist with remediation validation and lessons-learned activities following incident closure.